(CVE-2011-1025) CVE-2011-1025 openldap: rootpw is not verified with slapd.conf
Resolves: #680472 (tracker)
Upstream ITS: #6661
Upstream patch: http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8
diff -uNPrp openldap-2.4.23/servers/slapd/back-ndb/bind.cpp openldap-2.4.23.fix/servers/slapd/back-ndb/bind.cpp
--- openldap-2.4.23/servers/slapd/back-ndb/bind.cpp 2010-04-13 22:23:34.000000000 +0200
+++ openldap-2.4.23.fix/servers/slapd/back-ndb/bind.cpp 2011-02-28 15:05:48.014126213 +0100
@@ -43,11 +43,13 @@ ndb_back_bind( Operation *op, SlapReply
/* allow noauth binds */
switch ( be_rootdn_bind( op, NULL ) ) {
- case SLAP_CB_CONTINUE:
- break;
+ case LDAP_SUCCESS:
+ /* frontend will send result */
+ return rs->sr_err = LDAP_SUCCESS;
default:
- return rs->sr_err;
+ /* give the database a chance */
+ break;
}
/* Get our NDB handle */
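Review bot: The `default:` arm now takes every non-success result of `be_rootdn_bind()`, which presumably includes a failed rootpw check for the rootdn as well as a bind for any other DN, yet its comment `/* give the database a chance */` does not say so. From that point the bind outcome rests entirely on the entry lookup and password comparison after the switch; that code is outside this hunk, so it should be confirmed that it rejects the bind when no entry for the rootdn exists or the stored password does not match. I would expand the comment to something like `/* also reached when the rootpw check fails: the lookup below must reject the bind on its own */`. A regression test that binds as the rootdn with a wrong password and expects a credentials error would pin down the behaviour this fix is meant to guarantee. ndb_back_bind's body starts before and continues after the hunk.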